
I guess... at the end of the day without some reform to the CFAA I just wouldn't ever feel comfortable using exploits to gain access to a random website–particularly one related to air travel security–that I had no engagement with, even if there are enlightened folks in government who want to protect good-faith research. The downsides are just way too serious in the case someone, somewhere decides there's something worth prosecuting.

The FBI did raid this guy in 2016 after what was seemingly an attempt at responsible disclosure of leaked medical records: https://arstechnica.com/information-technology/2016/05/armed...

And this journalist last year, though the facts of this story are less clear and obviously not responsible-disclosure related: https://www.cjr.org/the_media_today/tim-burke-florida-journa...



Well yeah, I personally don't pen-test random websites without a clear terms or bug bounty program.



